App permissions
Use the Access Control List (ACL) to control who can access your app's functionality.
How does it work?
The ACL essentially just contains a set of who has permission to execute an action in an Aragon app and who can re-grant or revoke that permission.
Most generally, an Entity can hold the permission to call a function protected by Role in an App, and their permission is managed by a Manager, who can revoke or regrant that permission.
Example
Now let's say we have these 3 apps:
A Token Manager app, which represents BOB token holders and forwards all their intents to another app
A Voting app, which executes any arbitrary action after a voting of BOB token holders passes
A Finance app, which controls the funds of the organization
| Entity | App | Role | Manager |
|---|---|---|---|
Token Manager | Voting | OPEN_VOTE | Voting |
Voting | Finance | WITHDRAW | Voting |
With the simple mapping in the table above, we have done the following:
Given permission to BOB token holders, using the Token Manager, to open votes in the Voting app
Given permission to the Voting app to withdraw funds from the Finance app
We have achieved a fully democratic way of withdrawing funds in Ethereum! 🎉
Last updated